A Security Leadership Creed
Rules for Security Professionals To Live (and Die) By
What makes a good Security Leader?
Certainly getting an award for security leadership is a dubious honor at best (if you must pay to get an award, do you deserve the award?). Being judged as a “good” leader is often left to the people who work near the leader — their boss, their team, their partners, their customers — most of whom don’t know enough about security to be a good judge of security leadership.
Is a good security leader one whose company has never succumbed to a security incident? Unlikely. In fact, the most respected leaders in the security industry often find themselves on the receiving end of a security event — it makes them better defenders and researchers.
Is a good security leader one who has great partnerships with stakeholders and other leaders? Yes — but this doesn’t mean there isn’t conflict, or disagreements, or tension. A security leader should be just that — a leader — not your best friend.
It would seem to me that that security leaders must judge for themselves whether they are a good leader, and that they must use a set of guiding principles that ring true for themselves, not others. Which got me thinking about what kinds of values are important to security leaders. So, as usual, I…
